package com.huawei.secure.android.common.encrypt.keystore.aes;

import android.annotation.TargetApi;
import android.os.Build.VERSION;
import android.security.keystore.KeyGenParameterSpec.Builder;
import android.text.TextUtils;
import android.util.Log;
import com.huawei.hms.framework.network.restclient.hwhttp.dns.DnsConfig;
import com.huawei.secure.android.common.encrypt.utils.a;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class AesGcmKS {
    private static final String A = "AndroidKeyStore";
    private static final int D = 256;
    private static final String TAG = "AesGcmKS";
    private static final String i = "";
    private static final String l = "AES/GCM/NoPadding";
    private static final int n = 12;

    @TargetApi(19)
    public static String encrypt(String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            Log.e(TAG, "alias or encrypt content is null");
            return "";
        }
        try {
            return a.f(encrypt(str, str2.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            Log.e(TAG, "encrypt: UnsupportedEncodingException");
            return "";
        }
    }

    @TargetApi(19)
    public static String decrypt(String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            Log.e(TAG, "alias or encrypt content is null");
            return "";
        }
        try {
            return new String(decrypt(str, a.l(str2)), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            Log.e(TAG, "decrypt: UnsupportedEncodingException");
            return "";
        }
    }

    @TargetApi(23)
    private static SecretKey e(String str) {
        try {
            KeyStore instance = KeyStore.getInstance(A);
            instance.load(null);
            Key key = instance.getKey(str, null);
            if (key != null && (key instanceof SecretKey)) {
                return (SecretKey) key;
            }
            KeyGenerator instance2 = KeyGenerator.getInstance("AES", A);
            instance2.init(new Builder(str, 3).setBlockModes(new String[]{"GCM"}).setEncryptionPaddings(new String[]{"NoPadding"}).setKeySize(D).build());
            return instance2.generateKey();
        } catch (RuntimeException e) {
            Log.e(TAG, "generateKey RuntimeException");
            return null;
        } catch (Exception e2) {
            Log.e(TAG, "Generate key exception");
            return null;
        }
    }

    @TargetApi(19)
    public static byte[] encrypt(String str, byte[] bArr) {
        byte[] bArr2 = new byte[0];
        if (TextUtils.isEmpty(str) || bArr == null) {
            Log.e(TAG, "alias or encrypt content is null");
        } else if (b()) {
            try {
                Cipher instance = Cipher.getInstance(l);
                Key e = e(str);
                if (e == null) {
                    Log.e(TAG, "Encrypt secret key is null");
                } else {
                    instance.init(1, e);
                    Object doFinal = instance.doFinal(bArr);
                    byte[] iv = instance.getIV();
                    if (iv == null || iv.length != 12) {
                        Log.e(TAG, "IV is invalid.");
                    } else {
                        bArr2 = Arrays.copyOf(iv, iv.length + doFinal.length);
                        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
                    }
                }
            } catch (GeneralSecurityException e2) {
                Log.e(TAG, "Encrypt exception: " + e2.getMessage());
            }
        } else {
            Log.e(TAG, "sdk version is too low");
        }
        return bArr2;
    }

    @TargetApi(19)
    public static byte[] decrypt(String str, byte[] bArr) {
        byte[] bArr2 = new byte[0];
        if (TextUtils.isEmpty(str) || bArr == null) {
            Log.e(TAG, "alias or encrypt content is null");
        } else if (!b()) {
            Log.e(TAG, "sdk version is too low");
        } else if (bArr.length <= 12) {
            Log.e(TAG, "Decrypt source data is invalid.");
        } else {
            try {
                Key e = e(str);
                if (e == null) {
                    Log.e(TAG, "Decrypt secret key is null");
                } else {
                    byte[] copyOf = Arrays.copyOf(bArr, 12);
                    Cipher instance = Cipher.getInstance(l);
                    instance.init(2, e, new GCMParameterSpec(DnsConfig.MAX_CACHE_ENTRIES, copyOf));
                    bArr2 = instance.doFinal(bArr, 12, bArr.length - 12);
                }
            } catch (GeneralSecurityException e2) {
                Log.e(TAG, "Decrypt exception: " + e2.getMessage());
            }
        }
        return bArr2;
    }

    private static boolean b() {
        return VERSION.SDK_INT >= 23;
    }
}
